Class: Contrast::Agent::Assess::Rule::Response::CspHeaderInsecure

Inherits:
HeaderRule show all
Defined in:
lib/contrast/agent/assess/rule/response/csp_header_insecure_rule.rb

Overview

This rule checks the HTTP response's Content-Security-Policy headers (the names in HEADER_KEYS, which include the legacy X-Content-Security-Policy and X-Webkit-CSP variants) for insecure directive values, as defined by the constants below: an 'unsafe-inline' or 'unsafe-eval' keyword (UNSAFE_VALUE_REGEXP) or a wildcard source (ASTERISK_REGEXP) in any of the directives listed in SETTINGS. Note that plugin-types, reflected-xss and referer are draft or deprecated directives that current browsers no longer honor, so a policy that relies on them gets no protection from them even if this rule is silent.

Constant Summary

HEADER_KEYS = %w[Content-Security-Policy X-Content-Security-Policy X-Webkit-CSP].cs__freeze
DEFAULT_SAFE = false
SETTINGS = %w[
  base-uri child-src default-src connect-src frame-src media-src object-src script-src
  style-src form-action frame-ancestors plugin-types reflected-xss referer
].cs__freeze
UNSAFE_VALUE_REGEXP = /^unsafe-(?:inline|eval)$/.cs__freeze
ASTERISK_REGEXP = /[*]/.cs__freeze
SAFE_REFLECTED_XSS = /1/.cs__freeze
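The following is an added, stand-alone example of the check these constants describe; it is not the Contrast agent's own implementation. It reuses the header names, directive list and regular expressions from the constant summary (plain Object#freeze stands in for the agent's cs__freeze), and the method names, the Rack-style headers hash and the sample policies are assumptions made for this example. It parses each CSP header variant into directives, then reports every source in a SETTINGS directive that is an unsafe keyword or contains a wildcard; directives outside SETTINGS (img-src, for instance) are not inspected, and a repeated directive keeps only its first occurrence, which is how browsers treat duplicates.

```ruby
# Added example modelled on the CspHeaderInsecure constants; not the
# agent's own code. Object#freeze stands in for the agent's cs__freeze.
HEADER_KEYS = %w[Content-Security-Policy X-Content-Security-Policy X-Webkit-CSP].freeze
SETTINGS = %w[
  base-uri child-src default-src connect-src frame-src media-src object-src script-src
  style-src form-action frame-ancestors plugin-types reflected-xss referer
].freeze
UNSAFE_VALUE_REGEXP = /^unsafe-(?:inline|eval)$/.freeze
ASTERISK_REGEXP = /[*]/.freeze

# Split a CSP header value into { directive-name => [source expressions] }.
# Directives are separated by ';' and tokens by whitespace; names are
# case-insensitive; only the first occurrence of a directive is kept.
def parse_csp(value)
  value.to_s.split(';').each_with_object({}) do |chunk, policy|
    name, *sources = chunk.strip.split(/\s+/)
    next if name.nil? || name.empty?
    policy[name.downcase] ||= sources
  end
end

# One finding per source that the constants treat as insecure: a quoted
# 'unsafe-inline' / 'unsafe-eval' keyword, or any source containing '*'
# (a bare wildcard or a host wildcard such as https://*.cdn.example).
# Directives that are not in SETTINGS are skipped.
def insecure_directives(policy)
  policy.each_with_object([]) do |(name, sources), findings|
    next unless SETTINGS.include?(name)
    sources.each do |src|
      if UNSAFE_VALUE_REGEXP.match?(src.delete("'"))
        findings << { directive: name, value: src, reason: :unsafe_keyword }
      elsif ASTERISK_REGEXP.match?(src)
        findings << { directive: name, value: src, reason: :wildcard }
      end
    end
  end
end

# Inspect every CSP header variant present in a response headers hash
# (assumed Rack-style; header names are matched case-insensitively) and
# return { canonical-header-name => [findings] } for each one found.
def check_response_headers(headers)
  lookup = headers.transform_keys { |k| k.to_s.downcase }
  HEADER_KEYS.each_with_object({}) do |key, report|
    raw = lookup[key.downcase]
    next if raw.nil?
    report[key] = insecure_directives(parse_csp(raw))
  end
end

# Constructed sample responses (not captured from any real application).
WEAK_HEADERS = {
  'Content-Security-Policy' =>
    "default-src 'self'; script-src 'self' 'unsafe-inline' https://*.cdn.example; " \
    "img-src *; frame-ancestors 'none'; script-src 'self'"
}.freeze

HARDENED_HEADERS = {
  'Content-Security-Policy' =>
    "default-src 'self'; script-src 'self' 'nonce-abc123'; " \
    "object-src 'none'; frame-ancestors 'none'; base-uri 'self'"
}.freeze

if __FILE__ == $PROGRAM_NAME
  check_response_headers(WEAK_HEADERS).each do |header, findings|
    findings.each { |f| puts "#{header}: #{f[:directive]} #{f[:value]} (#{f[:reason]})" }
  end
end
```

Run against WEAK_HEADERS this reports two findings on script-src ('unsafe-inline' and the https://*.cdn.example wildcard); the bare `*` on img-src is not reported because img-src is not in SETTINGS, and the trailing duplicate script-src 'self' does not mask the first, insecure copy. HARDENED_HEADERS produces no findings.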

Constants inherited from HeaderRule

HeaderRule::HEADER_TYPE

Constants inherited from BaseRule

BaseRule::DATA

Instance Method Summary

Methods inherited from HeaderRule

#analyze_response?, #headers?

Methods inherited from BaseRule

#analyze

Instance Method Details

#rule_id ⇒ Object

# File 'lib/contrast/agent/assess/rule/response/csp_header_insecure_rule.rb', line 25

def rule_id
  'csp-header-insecure'
end